VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@13.10.3-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/gitlab@13.10.3-2

Essentials
History (5)

purl	pkg:alpm/archlinux/gitlab@13.10.3-2

Next non-vulnerable version	13.12.2-1
Latest non-vulnerable version	15.2.1-1
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-24mf-t2wp-t7cb Aliases: CVE-2021-22206	An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,	13.10.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6tyy-j5zg-zkgw Aliases: CVE-2021-22211	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.	13.10.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6yhw-9sqw-zuge Aliases: CVE-2021-22209	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.	13.10.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-n7n7-hk7v-rqa4 Aliases: CVE-2021-22210	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.	13.10.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-unhf-zjns-n7fn Aliases: CVE-2021-22208	An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.	13.10.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:34.954170+00:00	Arch Linux Importer	Affected by	VCID-24mf-t2wp-t7cb	https://security.archlinux.org/AVG-1888	38.0.0
2026-04-01T18:25:34.932281+00:00	Arch Linux Importer	Affected by	VCID-unhf-zjns-n7fn	https://security.archlinux.org/AVG-1888	38.0.0
2026-04-01T18:25:34.907664+00:00	Arch Linux Importer	Affected by	VCID-6yhw-9sqw-zuge	https://security.archlinux.org/AVG-1888	38.0.0
2026-04-01T18:25:34.883252+00:00	Arch Linux Importer	Affected by	VCID-n7n7-hk7v-rqa4	https://security.archlinux.org/AVG-1888	38.0.0
2026-04-01T18:25:34.858454+00:00	Arch Linux Importer	Affected by	VCID-6tyy-j5zg-zkgw	https://security.archlinux.org/AVG-1888	38.0.0